• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 260
  • Last Modified:

effect of configure password policies on all accounts

Hi,
I have a few questions on SBS.  I am running SBS 2003 Premium.
1 - If I go through server management -> configure password policies, and actually configure values, will it apply to the admin account?  What about built in service accounts for MSSQL, IIS, etc?  Is this the preferred method, or should I create a GPO and configure, link that?
2 - I have several remote users on laptops out in the field.  They are using OWA and VPN to get to shares.  They are only in the office a few times a year.  I am concerned about locking them out.  I did not set these laptops up so I an unsure of the local admin passwords.
3 - What is a good method for allowing a user remote access to their PC here on site?  I have a remote user that needs to run Access databases and Great Plains accounting software.  I am thinking of setting up a 2nd public IP to route him to his desktop here in the office, (if I can get another public IP).  If I cannot, how would this be handled?  I do not want the user to RDP into the server, and I have not setup the remote work feature and do not know what it has to offer.  I do have VPN setup, so I could try having him VPN in and then RDP to his desktop....
Thanks - Wayne  
0
wspjones99
Asked:
wspjones99
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Hi wspjones99,
> 1 - If I go through server management -> configure password policies,
> and actually configure values, will it apply to the admin account?  
> What about built in service accounts for MSSQL, IIS, etc?  Is this the
> preferred method, or should I create a GPO and configure, link that?

Accounts can be set so the password never expires.  I believe the administrator password is set like this.

Password policies apply to the whole domain, unlike MOST other policies that apply to OU and potentially child OUs.

> 2 - I have several remote users on laptops out in the field.  They are
> using OWA and VPN to get to shares.  They are only in the office a few
> times a year.  I am concerned about locking them out.  I did not set
> these laptops up so I an unsure of the local admin passwords.

If the laptops are on the domain, then you can set an admin account password.  The password policies do NOT apply to local accounts.

OWA has the ability to allow the users to change their passwords and will warn them of impending expiration.  You may need to enable something in OWA though (I THINK SBS MIGHT have it enabled by default).

> 3 - What is a good method for allowing a user remote access to their
> PC here on site?  I have a remote user that needs to run Access databases
> and Great Plains accounting software.  I am thinking of setting up a
> 2nd public IP to route him to his desktop here in the office, (if I
> can get another public IP).  If I cannot, how would this be handled?  
> I do not want the user to RDP into the server, and I have not setup
> the remote work feature and do not know what it has to offer.  I do
> have VPN setup, so I could try having him VPN in and then RDP to his desktop....


Personally, I'd go with VPN into the network and RDP to their own personal workstation.

Cheers!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now